Under proposed changes to the Computer Misuse and Cybersecurity Act (CMCA), the act of obtaining hacking tools to commit a crime or using personal data that was obtained through hacks will be criminalised.
This was revealed by the Ministry of Home Affairs (MHA) in a press release on Thursday (Mar 9) after the amendment Bill was introduced for the first reading in Parliament. There were four key changes proposed.
- Criminalise the act of dealing in personal information obtained via an act in contravention of the CMCA
Criminals may use personal information obtained illegally, through hacks for example, to commit or facilitate crimes such as identity fraud. For instance, they may trade in hacked credit card details even though they did not commit the act of hacking to obtain the information, MHA explained.
- Criminalise the act of dealing in items capable of being used to commit a CMCA offence
MHA said criminals could gain easy access to items capable of accessing a computer illegally, or hacking tools, and examples include malware and port scanners, which can be readily obtained online. The amendment criminalises the act of obtaining, and the act of dealing, in these items, for committing or facilitating a computer offence.
- Extraterritorial application of CMCA offences with “serious harm” to Singapore
It is currently not an offence under the CMCA if someone commits a criminal act while overseas, against a computer located overseas, even if the impact is felt here.
The proposed changes aim to make this an offence if the act “causes or creates a significant risk of serious harm in Singapore”, with the MHA defining serious harm as injury or death or disruptions to essential services.
- Amalgamate charges for CMCA offences
Online criminals may conduct multiple unauthorised acts against a computer over a period of time, and this amendment allows these acts to be combined under a single charge. It also allows for the application of enhanced penalties when the combined acts result in high aggregate damage, MHA said.
MHA said the Bill sought to amend the CMCA to tackle the increasing scale and transnational nature of online crimes as well as the evolving tactics of cybercriminals, and said it had consulted businesses and professionals in the Internet services and cybersecurity industries and take their views into account when proposing the changes.